Facebook admins are doing damage control after a bug lead to the leak of some 6 million users’ phone numbers and email addresses.

The company is officially “upset and embarrassed” at the glitch, but is adamant no financial or other information was revealed and there has been no evidence the bug’s been exploited maliciously. Affected users should be notified by email.

The company says the bug was in its ‘Download Your Information (DYI)’ tool, which allows users to obtain an archive of their Facebook activities, official word says some people were briefly allowed to download the information from large groups of contacts or connections.

"We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared,” said the official Facebook response.

"We currently have no evidence that this bug has been exploited maliciously, and we have not received complaints from users or seen anomalous behaviour on the tool or site to suggest wrongdoing... although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by."